Last week I had a lot of fun with the latest blockchain investigation competition put together by folks at Anchain. The competition spanned two weeks and included a number of questions challenging players to dig through Ethereum blockchain transaction and smart contract data. In addition to many freely available tools, participants were also offered a free license of Anchain’s CISO blockchain analytics platform, which made the analysis a lot easier.
In this writeup I will discuss blockchain analytics tools, techniques, and lessons learned while solving challenges. I will only focus on solving the last (and hardest) challenge investigating the infamous exit scam and the eventual return of funds by SushiSwap’s Chef Nomi back in September 2020. My goal is to share the investigation steps so that you, the reader, would also be inspired to participate in future contests or maybe even make this your future career. Check out my Blockchain Threat Intelligence newsletter for ideas on how to contribute to this field. …
On November 5th, 2019, I had a great experience attending a new conference in the Bay Area called Disclosure. Even though this was its first year, Disclosure gathered an amazing speaker lineup including Katie Moussouris, Dan Kaminsky, Jennifer Granick, Juan Andres Guerrero-Saade and many others.
The conference reserved a beautiful venue at the Westin St. Francis hotel with a single large ballroom for the talks. The hallways leading to the event were lit up in a futuristic purple light with a number of posters with various ciphers for the scavenger hunt competition:
Defcon 27 featured a Blockchain Security Village with a number of excellent talks and contests. During the event, I had the pleasure of competing and winning a smart contract security CTF called Chain Heist. The contest was sponsored by Synopsys and featured 23 challenges of varying difficulty.
The writeup below will cover information about the game as well as solutions for some of my favorite challenges.
One of the highlights of the game was a beautiful interface which was built as an Ethereum DApp capable of automatically deploying contracts for each player. …